On 6/16/15, 16:13, "Florian Weimer" <[email protected]> wrote:
>* Edward Lewis: > >> It's not just a matter of the rich getting richer and the poor getting >> poorer, it's a matter rooted in a technical fault in the architecture of >> the system. > >It's not a technical fault. There's little liability for forwarding >packets with forged source addresses, or designing networks with that >flaw built into them. There's no technical solution to that. You >can't stop pollution by creating better filters because there is >always an incentive not to filter your waste at all. My point of view is that the approach of security additions over the past decades has exacerbated the problem rather than alleviated it. Practical solutions to security start with ensuring the usefulness of the system is paramount - availability increased via the reduction in abuse. Our approaches haven't met that principle. DNS knows that UDP is unsafe. Yet DNS relies on it. Pointing fingers at UDP is like sticking your head in the sand and ignoring the problem. There's been no approach that has gained consensus enough to even begin talking about deployment incentives.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
